[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: Son of IKE: A proposal for moving forward

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: Fwd: Re: Son of IKE: A proposal for moving forward
From: Henry Spencer <henry@spsystems.net>
Date: Thu, 13 Jun 2002 15:30:20 -0400 (EDT)
In-Reply-To: <200206131904.g5DJ4YZs004605@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 13 Jun 2002, Bill Sommerfeld wrote:
> > There is no reason why the two trusted "networks" can't be single hosts --
> > that's just a degenerate case...
> 
> there are certain obvious scaling problems with this approach.
> direct use of transport mode is likely to be easier to manage, require
> fewer addresses, and be simpler with large numbers of hosts.

You're making unwarranted assumptions about what a VPN is.  It's perfectly
possible to have a VPN in which the "wires" are private but the addresses
are not.  (Indeed, even VPNs with non-degenerate ends do not necessarily
use private addresses.)

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:
- Re: Fwd: Re: Son of IKE: A proposal for moving forward
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

References:
- Re: Fwd: Re: Son of IKE: A proposal for moving forward
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Re: Fwd: Re: Son of IKE: A proposal for moving forward
Next by Date: Re: Fwd: Re: Son of IKE: A proposal for moving forward
Prev by thread: Re: Fwd: Re: Son of IKE: A proposal for moving forward
Next by thread: Re: Fwd: Re: Son of IKE: A proposal for moving forward
Index(es):
- Date
- Thread